Librem Tunnel Failure on Ubuntu 18.04


#1

I’m attempting to set up the Librem Tunnel on my Ubuntu LTS laptop and I’m running into an error when connecting: “Activation of network connection failed.” I followed the Purism docs and installed all the suggested packages. The only package I was not able to directly install was pipx. For that I had to use a work around by installing the python3 version of pip and use pip to install pipx. I was then successfully able to install ldh-client. The rest of the setup went fine–I put in my username and password and it connected and created my vpn login.

However, as mentioned above, it won’t actually connect. I’ve checked on my main computer, which is running the latest version of Ubuntu, and I have no issue at all connecting to the network with the same login information and using the same tutorial. I also attempted to create the OpenVPN settings by downloading the .ovpn file and filling in my username and password manually. Yet it still gave me the same error. The only lead I’ve gotten is when I watched the syslog while trying to connect. I get the following error (deleted some maybe personal info):

Aug 21 20:07:26 mordor NetworkManager[961]: [1566432446.6698] vpn-connection[redacted"LIbrem One",0]: VPN connection: failed to connect interactively: ‘Invalid HMAC auth.’
Aug 21 20:07:26 mordor NetworkManager[961]: [1566432446.6727] vpn-connection[redacted"LIbrem One",0]: VPN plugin: state changed: stopped (6)
Aug 21 20:07:26 mordor NetworkManager[961]: [1566432446.6739] vpn-connection[redacted,“LIbrem One”,0]: VPN service disappeared

It appears something is acting up with HMAC. I’m not familiar with what that would mean. Could anyone help me get this working? Thanks!


Problem installing tunnel on Linux Mint xfce
#2

Regarding this error; can you go to; VPN Settings > Identity > Advanced > Security

And in “HMAC Authentication”: Change to Default

And then try to connect again


#3

That did the trick! Thanks so much for your help. For some reason it was placed on SHA1.


#4

SHA-1 is essentially deprecated due to being considered insufficiently secure.